Anti-Jihadi Hacker The Jester Hits WikiLeaks Site With XerXeS DoS Attack

Updated: November 29, 2010

Infamous anti-jihadi hacker The Jester (th3j35t3r) is claiming responsibility for a denial of service (DoS) attack that temporarily disabled the WikiLeaks website just hours before the release of thousands of classified documents.

WikiLeaks, the secret-sharing website led by fugitive founder Julian Assange, has been plaguing the U.S. government with repeated postings of leaked materials.

The WikiLeaks Twitter account carried the message, "We are currently under a mass distributed denial of service attack," for several hours on Sunday.

The Jester Tweeted that he was carrying out the attacks, "for attempting to endanger the lives of our troops, 'other assets' & foreign relations..."

During the WikiLeaks website outage, The Jester's Twitter page indicated that he was conducting the denial of service attack, although several of the Tweets have since been deleted.

Earlier this year, I conducted several interviews with The Jester regarding his repeated attacks on militant Islamic websites, including successful disruptions of the sites administered by the Taliban and by Iranian President Mahmoud Ahmadinejad.

DoS attacks are nothing new, and are usually perpetrated by flooding a target server with simultaneous communications through several different techniques, but The Jester has developed a method that represents a twist to the tactic.

He employs an innovative tool he calls XerXeS, which can produce an automated DoS attack without relying on an army of zombie computers controlled through a botnet, and the attack can be carried out with one low-spec computer.
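The practical consequence of a single-machine DoS, as opposed to a botnet-driven one, is that all of the hostile traffic arrives from one source address, which is exactly what per-source rate accounting on the server side is good at catching. The following script is an added example written for this page, not code from the article or from The Jester; it parses constructed Apache-style access log lines, counts requests per client IP in a sliding time window, and reports sources that exceed a threshold. The log lines, IP addresses and threshold values are all constructed for the example. Note the limitation the article's contrast implies: this kind of check is meaningful against a single attacking host, but a distributed flood spreads the load so that each source can stay under the threshold.

```python
"""Flag single-source request floods in web server access logs.

Added example (not from the article): parses constructed Apache-style
combined log lines, counts requests per client IP inside a sliding
time window, and reports sources that exceed a threshold. Access logs
are written in time order, which the sliding window relies on.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache "combined" format prefix: client ip, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, TIME_FMT),
            "request": request, "status": int(status)}


def find_floods(lines, window_seconds=10, threshold=20):
    """Return {ip: peak requests seen inside one window} for IPs over threshold.

    Each IP keeps a deque of recent request times; times older than the
    window are dropped from the left as new requests arrive, so the deque
    length is the request count in the trailing window.
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the monitor
        q = recent[rec["ip"]]
        q.append(rec["time"])
        while (rec["time"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def _format_line(t, ip, path):
    """Constructed log line in Apache combined format (status 200, 512 bytes)."""
    return f'{ip} - - [{t.strftime(TIME_FMT)}] "GET {path} HTTP/1.1" 200 512'


def sample_log():
    """Constructed sample: two normal clients plus one flooding source.

    The addresses are from documentation ranges (RFC 5737); the timestamps
    and request counts are invented for the example.
    """
    base = datetime(2010, 11, 28, 14, 0, 0, tzinfo=timezone.utc)
    events = []
    # Legitimate browsing: five requests each over twelve seconds.
    for i in range(5):
        t = base + timedelta(seconds=i * 3)
        events.append((t, "192.0.2.10", "/index.html"))
        events.append((t, "192.0.2.11", "/about.html"))
    # Single-source flood: sixty requests inside six seconds.
    for i in range(60):
        events.append((base + timedelta(milliseconds=i * 100), "203.0.113.7", "/"))
    events.sort()  # access logs are time ordered; keep the sample that way
    return [_format_line(t, ip, path) for t, ip, path in events]


if __name__ == "__main__":
    for ip, peak in find_floods(sample_log()).items():
        print(f"possible flood from {ip}: {peak} requests in a 10 s window")
```

On a real server the same accounting is what a rate-limiting module or a reverse proxy applies before the request reaches the application; the script is only the detection half, run offline over a log, so it can be tuned (window and threshold) against normal traffic before any blocking rule is derived from it.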

"Okay it started with a little script I wrote a while back to harden-test servers," The Jester told me in February.

"I modified this script, and it was just a nasty script, very cumbersome. When I realized the extent of the jihad online recruiting and co-ordination involvement (much later), I realized I could turn this script into a weapon."

"XerXeS requires no zombie network or botnet to be effective. Once a single attacking machine running XerXeS has smacked down a box, it's down, there is no need for thousands of machines. But, XerXeS does not hurt intermediary nodes along its path to the target. So the answer is that such institutions' systems would still be intact, as it causes no collateral damage, just not functional."

I witnessed several live demonstrations of XerXeS capabilities, and The Jester subsequently supplied Infosec Island with two exclusive videos of the technique in action:

The videos show the high level of control XerXeS commands, as The Jester is able to take down a target website in a matter of minutes, and return the website to an operable state in seconds.

"Many people worry about the nodes between me and the target. This technique affects nobody but the intended target. All intermediaries remain unaffected," The Jester stated.

Now it appears The Jester is not limiting his attacks to militant jihadi websites, and has decided to unleash the wrath of XerXeS on the WikiLeaks outlet.

The bulk of the documents to be posted by WikiLeaks were previously provided to several news agencies, so the disruption to the WikiLeaks website would not have prevented the release of the so-called "Embassy" documents.

The classified data dump is supposed to contain diplomatic communications that reveal some unflattering statements from U.S. officials regarding the leadership of several allies, as well as information on several international hot spots like North Korea, Iran and Iraq.
